Spring security 使用JavaConfig进行Spring安全性的简单演示_Spring Security_Spring Java Config

Spring security 使用JavaConfig进行Spring安全性的简单演示

spring-security

Spring security 使用JavaConfig进行Spring安全性的简单演示,spring-security,spring-java-config,Spring Security,Spring Java Config,我的Maven项目有一些集成测试，需要满足一些简单的内存Spring安全性我有一个基于XML的配置，可以很好地工作，但现在我想将它放在一个基于JavaConfig的配置中：  <http use-expressions="true" pattern="/admin/**"> <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" /&

我的Maven项目有一些集成测试，需要满足一些简单的内存Spring安全性

我有一个基于XML的配置，可以很好地工作，但现在我想将它放在一个基于JavaConfig的配置中：

<!-- A REST authentication -->
<http use-expressions="true" pattern="/admin/**">
    <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" />
    <http-basic entry-point-ref="restAuthenticationEntryPoint" />
    <logout />
</http>

<!-- A hard coded authentication provider -->
<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="stephane" password="mypassword" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
</authentication-manager>

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser("stephane").password("mypassword").roles("ADMIN");
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
    .authorizeRequests()
    .anyRequest().authenticated()
    .and()
    .httpBasic();
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser("stephane").password("mypassword").roles("ADMIN");
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
    .csrf().disable()
    .httpBasic()
    .authenticationEntryPoint(restAuthenticationEntryPoint)
    .and()
    .authorizeRequests()
    .antMatchers("/**").hasRole("ADMIN")
    .anyRequest().authenticated();
}

但GET请求被拒绝访问：测试失败：testGreetingSucceedsWithCorrectUserCredentialscom.thalasoft.learnTouch.rest.AdminControllerTest:状态应为：但为：

有线索吗

亲切问候,

Stephane Eybert

我可以通过以下配置修复安全性：

<!-- A REST authentication -->
<http use-expressions="true" pattern="/admin/**">
    <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" />
    <http-basic entry-point-ref="restAuthenticationEntryPoint" />
    <logout />
</http>

<!-- A hard coded authentication provider -->
<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="stephane" password="mypassword" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
</authentication-manager>

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser("stephane").password("mypassword").roles("ADMIN");
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
    .authorizeRequests()
    .anyRequest().authenticated()
    .and()
    .httpBasic();
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser("stephane").password("mypassword").roles("ADMIN");
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
    .csrf().disable()
    .httpBasic()
    .authenticationEntryPoint(restAuthenticationEntryPoint)
    .and()
    .authorizeRequests()
    .antMatchers("/**").hasRole("ADMIN")
    .anyRequest().authenticated();
}

我缺少.authenticationEntryPointrestAuthenticationEntryPoint和.csrf.disable配置

现在测试如预期的那样通过了